The Internet was created to share information. As the use of the Internet has expanded to include e-commerce and enterprise software, it has become clear that not all information is meant to be shared with everyone. With more data accessible, industries such as Financial Services, Healthcare, and Public Sector began facing regulations to govern how sensitive data was managed and accessed. In other words, to prevent the inadvertent misuse of patient, customer, and financial information, companies started building walls around their data.

Because of these compliance requirements, companies in regulated industries, and even some companies who’ve created their own internal governance initiatives, have struggled to take advantage of the speed and innovation that cloud computing has unlocked.

Trust Services for All Salesforce Customers

At Salesforce, Trust is our #1 value. We work behind the scenes to ensure all customers have the highest level of data protection, availability, and performance. From two factor authentication to rigorous password policies, all customers get access to the same trust capabilities in our platform. Regardless of size, every Salesforce customer benefits from IP login restrictions, login history, fine-grained sharing, and setup audit trail to see what changes Admins are making.

Compliance in Regulated Industries

While Trust Services provide what most customers need, some companies in regulated industries have compliance requirements that go beyond. Wealth management firms, for example, need to track whether sensitive customer account data is being exported. Pharmaceutical companies running clinical trials in Sales Cloud need to maintain an audit trail of patient data to safeguard the integrity of clinical trial results. Health insurance companies may want to encrypt sensitive Protected Health Information, or PHI, so only medical providers can view the information, but all team members, such as Customer Service Representatives, can continue to use key application functionality such as search, workflows and validation rules, to service customers. Telecommunication firms may want to encrypt sensitive PII, or Personally Identifiable Information, and customer calling data in Service Cloud. For these companies balancing a rapid shift to cloud platforms with meeting compliance needs has been a challenge, until today.

Introducing Salesforce Shield

To help customers with complex governance and compliance needs, we are introducing Salesforce Shield, a premium set of integrated services built natively in the Salesforce1 Platform. Salesforce Shield lets customers see who is doing what with sensitive data, know the state and value of their data going back up to ten years, and encrypt sensitive data at rest, while still preserving business functionality. It is declarative and can be setup in an afternoon with point and click tools. Salesforce Shield includes three core services:

Event Monitoring gives customers unprecedented visibility into their Salesforce apps, letting them easily see what data users are accessing, from what IP address, and what actions are being taken in regards to that data. Customers simply access a standard csv file via API and pull the data into any number of visualization tools. Then, they can track when someone prints a page or list view, edits a record or creates one, changes ownership, refreshes a list, or even when a user exports account data.

Field Audit Trail gives customers a time machine so they can go back in time and see the state and value of their data on any date, at any time. It expands what is currently available with Field History Retention, giving customers up to 10 years of audit trail data for up to 60 fields per object. Field Audit Trail is built on a big data back end enabling massive scalability and letting customers access audit data in just under two minutes.  

Platform Encryption lets customers encrypt sensitive data at rest while maintaining important application functionality. Because data is encrypted at the metadata layer in the database, key Salesforce application functionality can be made ‘encryption aware’ and work despite the data being encrypted. Even more amazing, partner applications on the AppExchange, such as Conga, can also include and respect data that a customer chooses to encrypt in their org. Platform Encryption is built natively into the platform and can be set up in just a few minutes.